Only detect mds for mitigate.

Only detect and mitigate on mds for the mitigate command. PiperOrigin-RevId: 358924466
author: Zach Koopmans <zkoopmans@google.com> 2021-02-22 16:00:33 -0800
committer: gVisor bot <gvisor-bot@google.com> 2021-02-22 16:02:32 -0800
commit: 24ea8003a49dbbcdfbbf2e5969c4bf8002063b86 (patch)
tree: 2892bf7e305150d7be2966c9c837a28f6d3f6c38 /runsc/mitigate/mitigate.go
parent: 34e2cda9ad6a20861844776abfbb45052d20c3fa (diff)
1 files changed, 1 insertions, 5 deletions
diff --git a/runsc/mitigate/mitigate.go b/runsc/mitigate/mitigate.go
index 5be66f5f3..3ea58454f 100644
--- a/runsc/mitigate/mitigate.go
+++ b/runsc/mitigate/mitigate.go
@@ -36,11 +36,7 @@ type Mitigate struct {
 func (m Mitigate) Usage() string {
 	usageString := `mitigate [flags]
 
-This command mitigates an underlying system against side channel attacks.
-The command checks /proc/cpuinfo for cpus having key vulnerablilities (meltdown,
-l1tf, mds, swapgs, taa). If cpus are found to have one of the vulnerabilities,
-all but one cpu is shutdown on each core via
-/sys/devices/system/cpu/cpu{N}/online.
+Mitigate mitigates a system to the "MDS" vulnerability by implementing a manual shutdown of SMT. The command checks /proc/cpuinfo for cpus having the MDS vulnerability, and if found, shutdown all but one CPU per hyperthread pair via /sys/devices/system/cpu/cpu{N}/online. CPUs can be restored by writing "2" to each file in /sys/devices/system/cpu/cpu{N}/online or performing a system reboot.
 `
 	return usageString + m.other.usage()
 }
author	Zach Koopmans <zkoopmans@google.com>	2021-02-22 16:00:33 -0800
committer	gVisor bot <gvisor-bot@google.com>	2021-02-22 16:02:32 -0800
commit	24ea8003a49dbbcdfbbf2e5969c4bf8002063b86 (patch)
tree	2892bf7e305150d7be2966c9c837a28f6d3f6c38 /runsc/mitigate/mitigate.go
parent	34e2cda9ad6a20861844776abfbb45052d20c3fa (diff)